CISSP PRACTICE QUESTIONS – 20201109

Effective CISSP Questions

The physical access control system (PACS) mediates access to the computer room using iris scanning in a one-to-many (1:N) biometric identification matching approach. Which of the following is the most likely attack against the PACS as a physical control?
A. Replay attack
B. Birthday attack
C. Social engineering
D. Meet-in-the-middle

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Replay attack.

The following diagram shows nine points of attack against a biometric system. Replaying the biometric data on the path from the sensor to the feature extractor is one of them.

  • “Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.” (Wikipedia) The PACS is an authentication system. It is not a person, so it is immune to psychological manipulation.
  • With a birthday attack, it is possible to find a collision of a hash function.
  • Meet-in-the-middle cracked Double DES.
Attack points on Biometric System
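
A replay at the sensor-to-extractor attack point succeeds when the feature extractor accepts any well-formed frame. The sketch below is an added example, not part of the original post, of one common countermeasure: a single-use challenge bound to each capture with an HMAC. The class names, the shared key and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: a key provisioned in both the sensor and the feature extractor.
KEY = b"constructed-demo-key"


def _tag(challenge: bytes, sample: bytes) -> bytes:
    # The challenge is fixed-length (16 bytes), so concatenation is unambiguous.
    return hmac.new(KEY, challenge + sample, hashlib.sha256).digest()


class Sensor:
    def capture(self, sample: bytes, challenge: bytes) -> dict:
        """Bind the captured sample to the extractor's challenge."""
        return {"sample": sample, "challenge": challenge,
                "tag": _tag(challenge, sample)}


class FeatureExtractor:
    def __init__(self):
        self.pending = set()  # challenges issued but not yet used

    def new_challenge(self) -> bytes:
        challenge = os.urandom(16)
        self.pending.add(challenge)
        return challenge

    def accept(self, frame: dict) -> bool:
        challenge = frame["challenge"]
        if challenge not in self.pending:
            return False  # never issued, or already consumed: replayed frame
        self.pending.discard(challenge)  # each challenge is valid once
        return hmac.compare_digest(_tag(challenge, frame["sample"]), frame["tag"])


def demo() -> tuple:
    sensor, extractor = Sensor(), FeatureExtractor()
    frame = sensor.capture(b"constructed-iris-sample", extractor.new_challenge())
    fresh = extractor.accept(frame)     # live capture
    replayed = extractor.accept(frame)  # same bytes sent again
    # Recorded sample and tag relabelled with a newly issued challenge.
    relabelled = extractor.accept(dict(frame, challenge=extractor.new_challenge()))
    return fresh, replayed, relabelled


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```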


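The access control system (PACS) uses iris scanning with a one-to-many (1:N) biometric identification matching approach to control entry to and exit from the computer room. Which of the following is the most likely attack against the access control system as a physical control?
A. Replay attack
B. Birthday attack
C. Social engineering
D. Meet-in-the-middle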
